PT-2025-13599 · Unknown · Netty Quic Codec

Published: 2025-03-28 · Updated: 2025-03-31 · CVE-2025-29908

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Netty QUIC codec versions prior to 0.0.71.Final

Description

A hash collision vulnerability in the Netty QUIC codec allows remote attackers to cause a considerable CPU load on the server by initiating connections with colliding Source Connection IDs (SCIDs), resulting in a Hash DoS attack.

Recommendations

For versions prior to 0.0.71.Final, update to version 0.0.71.Final to resolve the issue. As a temporary workaround, consider restricting access to the quiche module or limiting the number of connections to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-29908
GHSA-HQQC-JR88-P6X2

Affected Products

Netty Quic Codec